Cybercrime investigation and the protection of personal data and privacy

Similar documents
Spring Conference of the European Data Protection Authorities, Cyprus May 2007 DECLARATION

INVESTIGATION OF ELECTRONIC DATA PROTECTED BY ENCRYPTION ETC DRAFT CODE OF PRACTICE

APPENDIX. 1. The Equipment Interference Regime which is relevant to the activities of GCHQ principally derives from the following statutes:

PDP on Next- Generation gtld Registration Directory Service (RDS)

With the current terrorist threat facing European Union Member States, including the UK

Purpose specific Information Sharing Agreement. Community Safety Accreditation Scheme Part 2

COMMUNICATION FROM THE COMMISSION. On the global approach to transfers of Passenger Name Record (PNR) data to third countries

Constitutional Rights and New Technologies: (how to) keep the Constitution up-to-date

EUROPEAN UNION. Brussels, 3 February 2006 (OR. en) 2005/0182 (COD) PE-CONS 3677/05 COPEN 200 TELECOM 151 CODEC 1206 OC 981

B. The transfer of personal information to states with equivalent protection of fundamental rights

EUROPEAN PARLIAMENT COMMITTEE ON CIVIL LIBERTIES, JUSTICE AND HOME AFFAIRS

PE-CONS 71/1/15 REV 1 EN

the Commisslone Mazionale per le Sodeta e la Borsa in ItaJy and the Public Company Accounting Oversight Board In the United States

OPINION OF THE EUROPOL, EUROJUST, SCHENGEN AND CUSTOMS JOINT SUPERVISORY AUTHORITIES

Biometrics from a legal perspective dr. Ronald Leenes

5418/16 AV/NT/vm DGD 2

EDPS Opinion 7/2018. on the Proposal for a Regulation strengthening the security of identity cards of Union citizens and other documents

Law Enforcement processing (Part 3 of the DPA 2018)

AUSTRALIA: STUDY ON HUMAN RIGHTS COMPLIANCE WHILE COUNTERING TERRORISM REPORT SUMMARY

Code of Practice - Covert Human Intelligence Sources. Covert Human Intelligence Sources. Code of Practice

Secretariaat. To European Parliament Civil Liberties, Justice and Home Affairs Committee Rue Wiertz BE-1047 BRUXELLES

Premise. The social mission and objectives

84 rd REGULAR SESSION OEA/Ser.Q March 10-14, 2014 CJI/doc. 450/14 Rio de Janeiro, Brazil February 25, 2014 Original: English * Limited

DECISION no. 52 of 31 st May 2012 on the processing of personal data using video surveillance means

DIRECTIVE 95/46/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL. of 24 October 1995

The Scope and the Challenges of the Access of Children to Justice in Macedonian Legislation and Practice

CONSULTATIVE COMMITTEE OF THE CONVENTION FOR THE PROTECTION OF INDIVIDUALS WITH REGARD TO AUTOMATIC PROCESSING OF PERSONAL DATA

Response of the Northern Ireland Human Rights Commission to the Housing (Amendment) Bill. NIA Bill 58/11-16 Summary

The European Union Agency for Fundamental Rights (FRA)

Identifying Drug Labs by Analysing Sewage Systems. Bart van der Sloot, Tilburg University, TILT

Interest Balancing Test Assessment regarding data processing for the purpose of the exercise of legal claims

Brussels, 16 May 2006 (Case ) 1. Procedure

May 7, 2008 MEMORANDUM FOR THE HEADS OF EXECUTIVE DEPARTMENTS AND AGENCIES. Designation and Sharing of Controlled Unclassified Information (CUI)

Privacy International's comments on the Brazil draft law on processing of personal data to protect the personality and dignity of natural persons

The Privacy Policy links to the following Objective contained within the City Plan

HAUT-COMMISSARIAT AUX DROITS DE L HOMME OFFICE OF THE HIGH COMMISSIONER FOR HUMAN RIGHTS PALAIS DES NATIONS 1211 GENEVA 10, SWITZERLAND

Legal aspects of biometric data processing : current state of affairs. Dr. E. J. Kindt MIPRO 2015

EDPS Opinion on the proposal for a recast of Brussels IIa Regulation

The forensic use of bioinformation: ethical issues

Plea for referral to police for investigation of alleged s.1 RIPA violations by GCHQ

Act on the Publicity of Court Proceedings in General Courts (370/2007) (amendments to 742/2015 included)

Personal Data Protection Act

OJ Ann. I(I) L. 156(I) 2004 No 3851,

SECTION 8: REPORTING CRIME AND ANTI-SOCIAL BEHAVIOUR

Serious Crime Bill (HL) Briefing for House of Commons Second Reading

WORKING DOCUMENT. EN United in diversity EN

Seminar organized by the Supreme Administrative Court of Poland and ACA-Europe

Submission to the Joint Committee on the draft Investigatory Powers Bill

Colloquium organized by Supreme Administrative Court of the Czech Republic and ACA-Europe

ARTICLE 29 DATA PROTECTION WORKING PARTY WORKING PARTY ON POLICE AND JUSTICE

BEFORE THE EUROPEAN COMMITTEE ON LEGAL COOPERATION OF THE COUNCIL OF EUROPE PLENARY MEETING OCTOBER 11-14, 2010

Act No. 502 of 23 May 2018

TO THE PRESIDENT AND MEMBERS OF THE COURT OF JUSTICE WRITTEN OBSERVATIONS

COUNCIL OF THE EUROPEAN UNION. Brussels, 27 November 2009 (OR. en) 16110/09 JAI 838 USA 101 RELEX 1082 DATAPROTECT 73 ECOFIN 805

The Right to Privacy in the Digital Age: Meeting Report

Security Council Counter-Terrorism-Committee, New York, 24 October 2005.

Schengen Joint Supervisory Authority Activity Report January 2004-December 2005

THE EUROPEAN PARLIAMENT AND THE COUNCIL OF THE EUROPEAN UNION.

STATOIL BINDING CORPORATE RULES - PUBLIC DOCUMENT

The legal framework and guidance on data protection under the. Cross-border ehealth Information Services (CBeHIS) T6.2 JAseHN draft v.2 (20.10.

STATUTORY INSTRUMENT 2002 NO THE ELECTRONIC COMMERCE (EC DIRECTIVE) REGULATIONS Statutory Instruments No. 2013

LEGAL BASIS OBJECTIVES ACHIEVEMENTS

Council of the European Union Brussels, 1 February 2017 (OR. en)

1. What sort of passenger information will be transferred to US authorities?

ARTICLE 29 Data Protection Working Party

ELECTRONIC DATA PROTECTION ACT An Act to provide for protection to electronic data with regard to the processing of electronic data in Pakistan

1 of 7 03/04/ :56

COMP Article 1. Article 1 Subject matter and objectives

EUROPEAN DATA PROTECTION SUPERVISOR

Covert Human Intelligence Sources Code of Practice

Having regard to the Treaty on the Functioning of the European Union, and in particular Article 16 thereof,

Enlighten Latest developments in EU competition law and fundamental rights: an ongoing tale

8557/16 SHO/ra 1 DGD 2

Douwe Korff Professor of International Law London Metropolitan University, London (UK)

Information exempt from the subject access right (section 40(4) and

SUMMARY OF THE IMPACT ASSESSMENT

Code of Practice Issued Under Section 377A of the Proceeds of Crime Act 2002

P6_TA-PROV(2007)0347 PNR Agreement

Recommendation for a COUNCIL DECISION

Assessing the necessity of measures that limit the fundamental right to the protection of personal data: A Toolkit

The modernised Convention 108: novelties in a nutshell

Written evidence to the Justice Committee. Scottish Human Rights Commission. November 2017

Legal Issues in ILP. Tad and Terry

Opinion 3/2016. Opinion on the exchange of information on third country nationals as regards the European Criminal Records Information System (ECRIS)

Translation from Finnish Legally binding only in Finnish and Swedish Ministry of the Interior, Finland

Opinion on a notification for Prior Checking received from the Data Protection Officer of the European Commission regarding the database ARDOS

Association of Law Enforcement Intelligence Units

WILTSHIRE POLICE POLICY

ARTICLE 29 DATA PROTECTION WORKING PARTY

JUDGMENT OF THE COURT (First Chamber) 1 February 2007 * APPEAL under Article 56 of the Statute of the Court of Justice, brought on 24 June 2005,

Proposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

ANTI-BRIBERY AND CORRUPTION POLICY Version 3 January 2018)

Telecommunications Information Privacy Code 2003

Meijers Committee standing committee of experts on international immigration, refugee and criminal law

PERSONAL INFORMATION PROTECTION ACT

RESPONSE TO THE CONSULTATION ON THE PROPOSED HOUSING (ANTI-SOCIAL BEHAVIOUR) BILL (NORTHERN IRELAND)

Statutory Frameworks. Safeguarding and Prevent. 1. Safeguarding

LEGAL BASIS OBJECTIVES ACHIEVEMENTS

LIFTING OF SECRECY OF COMMUNICATIONS 1. APPLICABLE PROVISIONS AT CONSTITUTIONAL AND SUPRALEGISLATIVE LEVELS (INTERNATIONAL AND EUROPEAN) Pursuant to

PRIVACY POLICY. 1. OVERVIEW MEGT is committed to protecting privacy and will manage personal information in an open and transparent way.

Transcription:

Cybercrime investigation and the protection of personal data and privacy Rob van den Hoven van Genderen, Vrije Universiteit law faculty, r.vandenhovenvangenderen@rechten.vu.nl 2008 1

Key questions How can the tension between privacy protection and criminal investigation be regulated at acceptable levels How secure are the guarantees and safeguards of Article 15 CoC in this respect concerning special competences of investigative authorities in cybercrime? 2008 2

Article 8 ECHR 1. Everyone has the right to respect for his private and family life, his home and correspondence. 2. There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others. 2008 3

Concept of privacy The right of the individual to be protected against intrusion into his personal life or affairs, or those of his family, by direct physical means or by publication of information (David Calcutt, uk priv. cty) Inviolability of the individual, the individual's independence, dignity and integrity (Edward Bloustein) Three elements in privacy: secrecy, anonymity and solitude (Ruth Gavison). 2008 4

Personal data Personal data is any information concerning identified or identifiable natural persons. This considers any data that results in information on any natural person on his behavior, ideas and way of living. Even if the name of this person is not mentioned it can be defined as personal data if the identity of the person can be defined without to much extra effort 2008 5

Personal data Data (or information) that relate to, and allow identification of, individual physical/natural persons (and sometimes groups or organisations Personal data means any information relating to an identified or identifiable individual (identifiable) Personal data (and its protection) is defined as far as it can practically derived from any source is considered to be extending in a continuous pace 2008 6

Processing of personal data Collection, registration, storage, use and/or dissemination of personal data Any data: Images, texts, sounds, physical data Police-data: any data concerning an identified or identifiable natural person that is being processed in the exercise of the police task Article 18/19 CoC: production order/seizure 2008 7

2008 8

Changing value? In the equilibrium between security and privacy, the weight seems to be shifting towards security protection by giving up on human rights, including the protection of privacy 2008 9

Council of Europe Convention for the protection of individuals with w regard to automatic processing of personal data (ETS 108) Article 6 Special categories of data Personal data revealing racial origin, political opinions or religious or other beliefs, as well as personal data concerning health or sexual life, may not be processed automatically unless domestic law provides appropriate safeguards. The same shall apply to personal data relating to criminal convictions. But.except for Article 9:a protecting State security, public safety, the monetary interests of the State or the suppression of criminal offences; 2008 10

How important? Two thirds of Dutch population agrees with giving up on privacy if this increases security, related to the war on terrorism. IKON TV, 2004 2008 11

2008 12

General principle State clearly the principles that are applicable on the processing of personal data as described, inter alia, the Cybercrime Convention and national law in more specific ways than general reference to international human right conventions and henceforth should oblige the investigative authorities to handle accordingly 2008 13

Minimal Applicable principles Fair collection principle: : personal data should be gathered by fair and lawful means Proportionality (minimalist) principle Clear description principle: : the criminal behaviour or act or connection of the concerned subject has to clearly described in the Code of criminal law Purpose specification: : personal data should be gathered for specified and lawful purposes Information of the data subject: Information of the data subject shall provide for complete provisions including the identity of the data controller, the possible recipients and the legal basis for processing. Any restrictions shall be precise and limited and based on law. (Sensitive) Data categories: the processing of special categories of data is prohibited unless specific conditions are met and specific guarantees are foreseeing in the national legislation (conforms to Article 8 EU Directive, Article 6 Convention 108). Categories of data subject: It is a requirement of the principle of proportionality to reintroduce distinctions between the different categories of data subject concerned by the processing for police and law enforcement purposes Accountability principle: authorities responsible for processing personal data should be accountable for complying with the above principles. 2008 14

How to deal with privacy in investigations More crystallised application of Article 15 Cybercrime Convention Defining personal data in the Cybercrime Convention and related national laws Specification of criminal intelligence and supportive actions in investigations Separation between general collection of personal data and obvious criminal procedure with a clear suspect Clear specification of use of instruments and procedures for investigation Exceptions must be clearly specified by law Applicable data protection principles should be integrated in the Cybercrime Convention 2008 15

2024 © lawsdocbox.com Privacy Policy | Terms of Service | Feedback